In some organizations, employees often move between multiple roles and/or projects under a same department and/or manager. However, in such cases, this may result in individual users having to request additional permissions for new assignments and/or projects, while retaining older permissions. These older permissions may build up and then need to be cleaned up. Further, when users move to different job roles, their contacts and patterns of work-related communications may also have changes. Therefore, in these role change situations, network administrators may be unaware of such transitions and may be powerless in identifying moments when permissions are no longer needed.
Some solutions for managing permissions rely on trust (e.g., maintaining older permissions, while trusting users not to access what they no longer need), a periodic “keep alive” (e.g., yearly re-apply or notification to withdraw), and/or constantly having to manage these permissions manually, which may be a significant burden on resources. For instance, mismanagement of user permissions can evolve into high overhead costs for network administrators, which can inhibit or prevent them from spending time on other more important tasks. Further, in some instances, managing user permissions manually can result in human errors, which can lead to reduced productivity and/or higher security risks.